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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on May 23, 2008 has been entered. 

2. Claims 35-58 are pending. 

Claim Rejections - 35 USC § 112 

3. The following is a quotation of the first paragraph of 35 U.S. C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

4. Claim 35-58 are rejected under 35 U.S.C. 1 12, first paragraph, as failing to comply with 
the written description requirement. The claim(s) contains subject matter which was not 
described in the specification in such a way as to reasonably convey to one skilled in the relevant 
art that the inventor(s), at the time the application was filed, had possession of the claimed 
invention. 

5. Specifically, claims 35, 42 and 49 recite storing a public key at a payment authorization 
service, but the specification instead states that the authentication service stores secret 
information. Is the payment authorization service the same as the authentication service? If so, 
consider revising the claim to read "authentication service" or indicate where in the specification 
describes the payment authorization service storing the public key. Also, claim 35 recites 
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"linking the PKI key pair to at least a first payment instrument of a buyer", "determining that the 
buyer has access to the private key and that the buyer is authorized to use the first payment 
instrument", and "the authentication response including an indication that the buyer is authorized 
to use the first payment instrument"; however, the specification does not disclose a first payment 
instrument and the steps relating to the instrument. If Applicants disagrees, please clearly 
indicate where these features are disclosed. 

6. Claims 40 and 47 recite "the buyer profile being linked to the PKI key pair"; however, 
the specification does not show this feature. If Applicants disagrees, please clearly indicate 
where this feature is disclosed. 

7. Also, please indicate where support lays for newly added claims 56-58. 

Claim Rejections - 35 USC §103 

8. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

9. Claims 35, 37-42, 44-49, 51-58 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. Patent No. 6205437 to Gifford in view of U.S. Publication NO. 2004/0243520 to 
Bishop et al. ("Bishop") and US Publication NO. 2001/0044787 to Shwartz et al. ("Shwartz") 

Referring to claims 35 and 42, Gifford discloses at a payment authorization service, 
storing a public key associated with a public key infrastructure (PKI) key pair in a profile 
database (see col. 10, lines 37-42 - at the payment computer, the public key corresponding to 
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each sender is kept in a database), linking the PKI key pair to at least a first payment instrument ( 
see col. 10, lines 48-67; col. 11, lines 1-7 - the smart card including a secret key is used to sign 
the payment order), in response to receiving an authentication request from the buyer over a 
network, the authentication request including a description of the payment transaction and an 
identity of a seller (see col. 6, lines 16-32), the seller separate from the payment authorization 
service (see Fig. 1, items 63 & 68), storing a digitally signed record of the payment transaction in 
a transaction archive, i.e. "transaction database" (see col. 8, lines 16-19), sending an 
authentication response to the seller over the network (see col. 6, lines 52-61). Gifford does not 
expressly disclose sending a challenge request to the buyer over the network, the challenge 
request including a summary of the payment transaction, in response to receiving a challenge 
response from the buyer over the network, the challenge response including summary of the 
payment transaction digitally signed by the buyer, determining that buyer has access to the 
private key and that the buyer is authorized to use the first payment instrument by using the 
public key to decrypt the digitally signed message. Bishop discloses sending a challenge request 
to the buyer over the network, in response to receiving a challenge response from the buyer over 
the network, the challenge response including summary of the payment transaction digitally 
signed by the buyer, determining that buyer has access to the private key and that the buyer is 
authorized to use a first payment instrument by using the public key to decrypt the digitally 
signed message (see paragraphs [0094] & [0095]). Shwartz discloses the challenge request 
including a summary of the payment transaction (see paragraphs [0182]-[0184]). As for the step 
where the authentication response including an indication that the buyer is authorized to use the 
first payment instrument, this is considered nonfunctional descriptive material and is not 
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functionally involved in the steps recited. The sending step would be performed the same 
regardless of the data. Thus, this descriptive material will not distinguish the claimed invention 
from the prior art in terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 
401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 UPSQ2d 1031 (Fed. Cir. 1994). 
Therefore, it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to generate and the search results including any type of data because such 
data does not functionally relate to the steps in the method claimed and because the subjective 
interpretation of the data does not patentably distinguish the claimed invention. Also, it would 
have obvious to one of ordinary skill in the art to modify Gifford to include the features taught 
by Bishop and Shwartz because it protects the network server from attacks and improve the ease 
and safety of electronic commerce for consumers (see Bishop & Shwartz ). 

Referring to claims 37, 44 and 51, Gifford discloses the method wherein the record of the 
payment transaction is digitally signed using the private key (see col. 10, lines 43-45). 

Referring to claims 38, 45 and 52, Gifford discloses the method wherein the record of the 
online transaction is digitally signed using a local private key (see col. 10, lines 48 & 49). 

Referring to claims 39, 46 and 53, Gifford discloses the method wherein the public key is 
stored in the form of a digital certificate representing that the public key is tied to the buyer (see 
col. 7, lines 44-46). 

Referring to claims 40, 47 and 54, Gifford discloses several databases including account 
database storing account information and an address database storing shipping address 
information (see col. 8, lines 12-24 and 33-36) . Gifford also discloses receiving a selection of 
one of the plurality of payment instruments (i.e. "means of payment") and one of the plurality of 
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shipping addresses from the buyer over the network (see col. 5, lines 34-50; col. 8, lines 33-35). 
Gifford does not expressly disclose retrieving a buyer profile from the database, the buyer profile 
being linked to the PKI key pair and including a plurality of payment instruments and a plurality 
of shipping address and sending the buyer profile to the buyer over the network; however, these 
are inherent steps. Before selecting the method of payment and address information, the buyer 
must first be provided with his profile. 

Referring to claims 41,48 and 55, Gifford discloses processing the payment transaction 
via a payment gateway (i.e. "payment computer") see col. 6, lines 12-14. 

Referring to claim 49, Gifford discloses a profile database, i.e. account database and 
address database, transaction archive, i.e. settlement database" (see col. 7, lines 66-67 & col. 8, 
lines 1-7) an authentication service web server (i.e. "payment computer") coupled to the profile 
database, the transaction archive and the network, the authentication service web server 
adaptively configured to (see col. 4, lines 46-55) store a public key associated with a public key 
infrastructure (PKI) key pair in a profile database (see col. 10, lines 37-42), in response to 
receiving an authentication request from a buyer over a network, the authentication request 
including a description of the payment transaction and an identity of a seller (see col. 6, lines 16- 
32), store a digitally signed record of the payment transaction in a transaction archive, i.e. 
"transaction database" (see col. 8, lines 16-19) and send an authentication response to the seller 
over the network (see col. 6, lines 52-61). Gifford does not expressly disclose the web server 
adaptively configured to send a challenge request to the buyer over the network, the challenge 
request including a summary of the payment transaction to be displayed to the buyer then 
digitally signed by the buyer using a private key associate with the PKI key pair, or in response 
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to receiving a challenge response from the buyer over the network, the challenge response 
including the digitally singed summary of the payment transaction, determine whether the buyer 
has access to the private key by using the public key to decrypt the digitally signed summary of 
the payment transaction. Bishop discloses sending a challenge request to the buyer over the 
network, the challenge request message to be displayed to the buyer then digitally signed by the 
buyer using a private key associate with the PKI key pair, or in response to receiving a challenge 
response from the buyer over the network, the challenge response including the digitally singed 
message, determining whether the buyer has access to the private key by using the public key to 
decrypt the digitally signed message (see paragraphs [0094] & [0095]). Shwartz discloses the 
challenge request including a summary of the payment transaction (see paragraphs [0182]- 
[0184]). At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to modify the method disclose by Gifford to include the steps of the web server 
adaptively configured to send a challenge request to the buyer over the network, the challenge 
request including a summary of the payment transaction to be displayed to the buyer then 
digitally signed by the buyer using a private key associate with the PKI key pair, or in response 
to receiving a challenge response from the buyer over the network, the challenge response 
including the digitally singed summary of the payment transaction, determine whether the buyer 
has access to the private key by using the public key to decrypt the digitally signed summary of 
the payment transaction. One of ordinary skill in the art would have been motivated to do this 
because it protects the network server from attacks and improve the ease and safety of electronic 
commerce for consumers (see Bishop & Shwartz). 
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As per claims 56-58, the combination of Gifford, Bishop, and Shwartz disclose these 
features (see claim 35 & 42 above). 

10. Claims 36,43 and 50 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gifford, Bishop et al. and Shwartz et al. as applied to claims 35, 42 and 49 above, and further in 
view of US Publication NO. 2001/0014158 to Baltzley. 

Gifford discloses PKI key pair (see claims 35 and 42 above). Gifford does not expressly 
disclose creating the PKI key pair, and sending the private key to the buyer over the network. 
Baltzley discloses creating the PKI key pair (see paragraph [0010], and sending the private key 
to the buyer over the network (see paragraph [001 1]). At the time the invention was made, it 
would have been obvious to a person of ordinary skill in the art to modify the method disclose by 
Gifford to include the steps of creating the PKI key pair, and sending the private key to the buyer 
over the network. One of ordinary skill in the art would have been motivated to do this because 
it prevents fraud by providing additional security. 

Conclusion 

Functional recitation(s) using the word "for" or other functional language {e.g. "adapted to" in 
claim 54) have been considered but are given little patentable weight 1 because they fail to add 
any structural limitations and are thereby regarded as intended use language. A recitation of the 
intended use of the claimed product must result in a structural difference between the claimed 
product and the prior art in order to patentably distinguish the claimed product from the prior art. 
If the prior art structure is capable of performing the intended use, then it reads on the claimed 
limitation. In re Casey, 370 F.2d 576, 152 USPQ 235 (CCPA 1967) ("The manner or method in 

1 See e.g. In re Gulack, 703 F.2d 1381, 217 USPQ 401, 404 (Fed. Cir. 1983)(stating that 
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which such machine is to be utilized is not germane to the issue of patentability of the machine 
itself."); In re Otto, 136 USPQ 458, 459 (CCPA 1963). See also MPEP §§ 2114 and 2115. 
Unless expressly noted otherwise by the Examiner, the claim interpretation principles in this 
paragraph apply to all examined claims currently pending. 

/Jalatee Worjloh/ 

Primary Examiner, Art Unit 3685 



although all limitations must be considered, not all limitations are entitled to patentable weight). 



